diff options
Diffstat (limited to 'src/providers/ldap/ldap_common.c')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 114 |
1 files changed, 64 insertions, 50 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 890e7a4a4..7d52e739a 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -272,14 +272,15 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ret != EOK) { goto done; } - DEBUG(6, "Option %s set to %s\n", + DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", opts->basic[search_base_options[o]].opt_name, dp_opt_get_string(opts->basic, search_base_options[o])); } } } else { - DEBUG(5, "Search base not set, trying to discover it later when " + DEBUG(SSSDBG_FUNC_DATA, + "Search base not set, trying to discover it later when " "connecting to the LDAP server.\n"); } @@ -315,14 +316,16 @@ int ldap_get_options(TALLOC_CTX *memctx, pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); if (pwd_policy == NULL) { - DEBUG(1, "Missing password policy, this may not happen.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "Missing password policy, this may not happen.\n"); ret = EINVAL; goto done; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) { - DEBUG(1, "Unsupported password policy [%s].\n", pwd_policy); + DEBUG(SSSDBG_CRIT_FAILURE, + "Unsupported password policy [%s].\n", pwd_policy); ret = EINVAL; goto done; } @@ -332,7 +335,7 @@ int ldap_get_options(TALLOC_CTX *memctx, CONFDB_PAM_CRED_TIMEOUT, 0, &offline_credentials_expiration); if (ret != EOK) { - DEBUG(1, "Cannot get value of %s from confdb \n", + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n", CONFDB_PAM_CRED_TIMEOUT); goto done; } @@ -349,7 +352,8 @@ int ldap_get_options(TALLOC_CTX *memctx, * entries must not be purged from cache. */ if (!offline_credentials_expiration && account_cache_expiration) { - DEBUG(1, "Conflicting values for options %s (unlimited) " + DEBUG(SSSDBG_CRIT_FAILURE, + "Conflicting values for options %s (unlimited) " "and %s (%d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, CONFDB_PAM_CRED_TIMEOUT, @@ -359,7 +363,7 @@ int ldap_get_options(TALLOC_CTX *memctx, } if (offline_credentials_expiration && account_cache_expiration && offline_credentials_expiration > account_cache_expiration) { - DEBUG(1, "Value of %s (now %d) must be larger " + DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger " "than value of %s (now %d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, account_cache_expiration, @@ -373,7 +377,7 @@ int ldap_get_options(TALLOC_CTX *memctx, if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { - DEBUG(1, "Failed to verify ldap_deref option.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } @@ -383,7 +387,8 @@ int ldap_get_options(TALLOC_CTX *memctx, ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS); if (ldap_referrals) { - DEBUG(1, "LDAP referrals are not supported, because the LDAP library " + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP referrals are not supported, because the LDAP library " "is too old, see sssd-ldap(5) for details.\n"); ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false); } @@ -423,7 +428,7 @@ int ldap_get_options(TALLOC_CTX *memctx, default_netgroup_map = netgroup_map; default_service_map = service_map; } else { - DEBUG(0, "Unrecognized schema type: %s\n", schema); + DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema); ret = EINVAL; goto done; } @@ -472,26 +477,26 @@ int ldap_get_options(TALLOC_CTX *memctx, /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC); if (ret != EOK) { - DEBUG(1, "sss_krb5_try_kdcip failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); if (authtok_type != NULL && strcasecmp(authtok_type,"obfuscated_password") == 0) { - DEBUG(9, "Found obfuscated password, " + DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, " "trying to convert to cleartext.\n"); authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data == NULL || authtok_blob.length == 0) { - DEBUG(1, "Missing obfuscated password string.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n"); return EINVAL; } ret = sss_password_decrypt(memctx, (char *) authtok_blob.data, &cleartext); if (ret != EOK) { - DEBUG(1, "Cannot convert the obfuscated " + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated " "password back to cleartext\n"); return ret; } @@ -501,14 +506,14 @@ int ldap_get_options(TALLOC_CTX *memctx, ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob); talloc_free(cleartext); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE, "password"); if (ret != EOK) { - DEBUG(1, "dp_opt_set_string failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); return ret; } } @@ -1030,7 +1035,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n"); return; } @@ -1044,7 +1049,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) srvaddr = fo_get_server_hostent(server); if (!srvaddr) { - DEBUG(1, "FATAL: No hostent available for server (%s)\n", + DEBUG(SSSDBG_CRIT_FAILURE, + "FATAL: No hostent available for server (%s)\n", fo_get_server_str_name(server)); talloc_free(tmp_ctx); return; @@ -1053,20 +1059,20 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, fo_get_server_port(server)); if (sockaddr == NULL) { - DEBUG(1, "resolv_get_sockaddr_address failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n"); talloc_free(tmp_ctx); return; } if (fo_is_srv_lookup(server)) { if (!tmp) { - DEBUG(1, "Unknown service, using ldap\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Unknown service, using ldap\n"); tmp = SSS_LDAP_SRV_NAME; } srv_name = fo_get_server_name(server); if (srv_name == NULL) { - DEBUG(1, "Could not get server host name\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n"); talloc_free(tmp_ctx); return; } @@ -1079,12 +1085,12 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) } if (!new_uri) { - DEBUG(2, "Failed to copy URI ...\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n"); talloc_free(tmp_ctx); return; } - DEBUG(6, "Constructed uri '%s'\n", new_uri); + DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri); /* free old one and replace with new one */ talloc_zfree(service->uri); @@ -1106,7 +1112,7 @@ static void sdap_finalize(struct tevent_context *ev, ret = remove_krb5_info_files(se, realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } orderly_shutdown(0); @@ -1123,14 +1129,14 @@ errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx, sig_realm = talloc_strdup(mem_ctx, realm); if (sig_realm == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); return ENOMEM; } sige = tevent_add_signal(ev, mem_ctx, SIGTERM, SA_SIGINFO, sdap_finalize, sig_realm); if (sige == NULL) { - DEBUG(1, "tevent_add_signal failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n"); talloc_free(sig_realm); return ENOMEM; } @@ -1149,7 +1155,8 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) ret = be_fo_run_callbacks_at_next_request(ctx->be_ctx, ctx->kdc_service_name); if (ret != EOK) { - DEBUG(1, "be_fo_run_callbacks_at_next_request failed, " + DEBUG(SSSDBG_CRIT_FAILURE, + "be_fo_run_callbacks_at_next_request failed, " "krb5 info files will not be removed, because " "it is unclear if they will be recreated properly.\n"); return; @@ -1157,13 +1164,14 @@ void sdap_remove_kdcinfo_files_callback(void *pvt) tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { - DEBUG(1, "talloc_new failed, cannot remove krb5 info files.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, + "talloc_new failed, cannot remove krb5 info files.\n"); return; } ret = remove_krb5_info_files(tmp_ctx, ctx->realm); if (ret != EOK) { - DEBUG(1, "remove_krb5_info_files failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "remove_krb5_info_files failed.\n"); } talloc_zfree(tmp_ctx); @@ -1180,7 +1188,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx = talloc_zero(mem_ctx, struct remove_info_files_ctx); if (ctx == NULL) { - DEBUG(1, "talloc_zfree failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zfree failed.\n"); return ENOMEM; } @@ -1188,7 +1196,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, ctx->realm = talloc_strdup(ctx, realm); ctx->kdc_service_name = talloc_strdup(ctx, service_name); if (ctx->realm == NULL || ctx->kdc_service_name == NULL) { - DEBUG(1, "talloc_strdup failed!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed!\n"); ret = ENOMEM; goto done; } @@ -1197,7 +1205,7 @@ errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx, sdap_remove_kdcinfo_files_callback, ctx, NULL); if (ret != EOK) { - DEBUG(1, "be_add_offline_cb failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "be_add_offline_cb failed.\n"); goto done; } @@ -1307,13 +1315,13 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) krberr = krb5_init_context(&context); if (krberr) { - DEBUG(2, "Failed to init kerberos context\n"); + DEBUG(SSSDBG_OP_FAILURE, "Failed to init kerberos context\n"); goto done; } krberr = krb5_get_default_realm(context, &krb5_realm); if (krberr) { - DEBUG(2, "Failed to get default realm name: %s\n", + DEBUG(SSSDBG_OP_FAILURE, "Failed to get default realm name: %s\n", sss_krb5_get_error_message(context, krberr)); goto done; } @@ -1321,11 +1329,11 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) realm = talloc_strdup(mem_ctx, krb5_realm); krb5_free_default_realm(context, krb5_realm); if (!realm) { - DEBUG(0, "Out of memory\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory\n"); goto done; } - DEBUG(7, "Will use default realm %s\n", realm); + DEBUG(SSSDBG_TRACE_LIBS, "Will use default realm %s\n", realm); done: if (context) krb5_free_context(context); return realm; @@ -1353,10 +1361,12 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, krb5_opt_realm = dp_opt_get_string(opts, SDAP_KRB5_REALM); if (krb5_opt_realm == NULL) { - DEBUG(2, "Missing krb5_realm option, will use libkrb default\n"); + DEBUG(SSSDBG_OP_FAILURE, + "Missing krb5_realm option, will use libkrb default\n"); krb5_realm = sdap_gssapi_get_default_realm(tmp_ctx); if (krb5_realm == NULL) { - DEBUG(0, "Cannot determine the Kerberos realm, aborting\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "Cannot determine the Kerberos realm, aborting\n"); ret = EIO; goto done; } @@ -1375,20 +1385,20 @@ int sdap_gssapi_init(TALLOC_CTX *mem_ctx, SDAP_KRB5_USE_KDCINFO), &service); if (ret != EOK) { - DEBUG(0, "Failed to init KRB5 failover service!\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init KRB5 failover service!\n"); goto done; } ret = sdap_install_sigterm_handler(mem_ctx, bectx->ev, krb5_realm); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } ret = sdap_install_offline_callback(mem_ctx, bectx, krb5_realm, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { - DEBUG(0, "Failed to install sigterm handler\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to install sigterm handler\n"); goto done; } @@ -1430,7 +1440,7 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, /* split server parm into a list */ ret = split_on_separator(tmp_ctx, urls, ',', true, true, &list, NULL); if (ret != EOK) { - DEBUG(1, "Failed to parse server list!\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n"); goto done; } @@ -1446,7 +1456,8 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, } if (!dns_service_name) { - DEBUG(0, "Missing DNS service name for service [%s].\n", + DEBUG(SSSDBG_FATAL_FAILURE, + "Missing DNS service name for service [%s].\n", service_name); ret = EINVAL; goto done; @@ -1461,29 +1472,31 @@ static errno_t _sdap_urls_init(struct be_ctx *ctx, dns_service_name, NULL, BE_FO_PROTO_TCP, false, srv_user_data); if (ret) { - DEBUG(0, "Failed to add server\n"); + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n"); goto done; } - DEBUG(6, "Added service lookup\n"); + DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup\n"); continue; } ret = ldap_url_parse(list[i], &lud); if (ret != LDAP_SUCCESS) { - DEBUG(0, "Failed to parse ldap URI (%s)!\n", list[i]); + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to parse ldap URI (%s)!\n", list[i]); ret = EINVAL; goto done; } if (lud->lud_host == NULL) { - DEBUG(2, "The LDAP URI (%s) did not contain a host name\n", + DEBUG(SSSDBG_OP_FAILURE, + "The LDAP URI (%s) did not contain a host name\n", list[i]); ldap_free_urldesc(lud); continue; } - DEBUG(6, "Added URI %s\n", list[i]); + DEBUG(SSSDBG_TRACE_FUNC, "Added URI %s\n", list[i]); talloc_steal(service, list[i]); @@ -1613,12 +1626,13 @@ errno_t string_to_shadowpw_days(const char *s, long *d) errno = 0; l = strtol(s, &endptr, 10); if (errno != 0) { - DEBUG(1, "strtol failed [%d][%s].\n", errno, strerror(errno)); + DEBUG(SSSDBG_CRIT_FAILURE, + "strtol failed [%d][%s].\n", errno, strerror(errno)); return errno; } if (*endptr != '\0') { - DEBUG(1, "Input string [%s] is invalid.\n", s); + DEBUG(SSSDBG_CRIT_FAILURE, "Input string [%s] is invalid.\n", s); return EINVAL; } |